|
Plagegeister aller Art und deren Bekämpfung: Festplattenzugriff sehr langsam - Malware?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.04.2014, 22:18 | #1 |
| Festplattenzugriff sehr langsam - Malware? Hallo, ich habe einen 3,5 Jahre alten Win 7 Laptop, der schon mehrmals wegen "Kleinigkeiten" in der Reparatur war (ich habe eine Extra-Versicherung dazu abgeschlossen, die sich schon sehr gelohnt hat). Das letzte Mal war er in der Reparatur, weil die Festplattenverkleidung gebrochen war. Danach hat er einige Monate lang sehr gut funktioniert, seit einigen Wochen ist aber der Festplattenzugriff extrem langsam, und ich versuche herauszufinden, ob es ein Festplattenproblem oder ein Virenproblem ist. Die Probleme, die ich habe: Neustarten dauert 30 Minuten, und er friert regelmäßig beim Starten aus dem Ruhezustand ein. Insbesondere dauert es super lange von der Anmeldung bis zur Benutzbarkeit des Computers, und der Desktop etc. friert oft ein. Das Problem habe ich auch, wenn ich im abgesicherten Modus starte. Zusätzlich friert der Computer sehr oft ein, ganz besonders, wenn ich etwas speichere (also wenn ich ein word-Dokument speichern will, friert er ein, braucht 10-20 Minuten, und dann geht es wieder). Der Task-Manager funktioniert nur eingeschränkt, d.h. ich kann zwar die Prozesse sehen und bearbeiten, aber die Reiter oben fehlen. Ich habe schon die Windows-eigene Festplatten-fehlersuche durchführen lassen, ohne ergebnis. Habe auch schon nen festplatten-scan aus dem Bios gemacht (C, auch ohne Probleme. Mein nächster Schritt wäre das Neuaufsetzen des Systems, aber ich wollte doch hier nochmal fragen, ob es vielleicht eine Malware sein könnte, und wenn ja, welche. Ein Online-Virenscan mit Kaspersky blieb ohne Ergebnis. Vielen Dank im Voraus, trojanertoni |
15.04.2014, 09:27 | #2 |
/// the machine /// TB-Ausbilder | Festplattenzugriff sehr langsam - Malware? hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
15.04.2014, 13:19 | #3 |
| Festplattenzugriff sehr langsam - Malware? Vielen Dank!
__________________First.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014 Ran by Toni (administrator) on TONI-HP on 15-04-2014 14:16:08 Running from C:\Users\Toni\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (AMD) C:\Windows\system32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (O&O Software GmbH) C:\Program Files\OO Software\DriveLED\oodlag.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Flux Software LLC) C:\Users\Toni\AppData\Local\FluxSoftware\Flux\flux.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Dropbox, Inc.) C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe () C:\Program Files (x86)\Besta\PSH2.0\PSH2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [386584 2010-06-22] (Intel Corporation) HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [414744 2010-06-22] (Intel Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-09-07] (Alcor Micro Corp.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-27] (Intel Corporation) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ServiceHome] => C:\Program Files (x86)\Besta\PSH2.0\PSH2.exe [3067904 2010-08-20] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-11-13] (RealNetworks, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-25] (Easybits) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Klebezettel NG] => [X] HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [F.lux] => C:\Users\Toni\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Citations] => C:\Program Files (x86)\Mekentosj\Papers\Citations.exe [664064 2013-03-12] (Mekentosj BV) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File) Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP50F5CAE3-AA79-4F90-9244-0500FEC0D980&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {99E87C1F-BC2F-42C6-9B24-5B9FA12E628F} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {99E87C1F-BC2F-42C6-9B24-5B9FA12E628F} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP50F5CAE3-AA79-4F90-9244-0500FEC0D980&q={searchTerms}&SSPV= SearchScopes: HKCU - E69BCC8206984B329D06D7635D8406BF URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=e8c86a190000000000000026c7a85423 SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP50F5CAE3-AA79-4F90-9244-0500FEC0D980&q={searchTerms}&SSPV= SearchScopes: HKCU - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {750CF89F-CA32-4255-9B2D-786E9F5C1E49} URL = SearchScopes: HKCU - {99E87C1F-BC2F-42C6-9B24-5B9FA12E628F} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search/web?q={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.48.1 Tcpip\..\Interfaces\{30B2CFE4-82E7-44F2-ABFF-E00AF5D91C19}: [NameServer]0.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\54ueq59q.default-1392319113432 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @sun.com/npsopluginmi;version=1.0 - C:\Program Files (x86)\OpenOffice.org 3\program () FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Bitdefender QuickScan - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\54ueq59q.default-1392319113432\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-04-15] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-14] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-14] FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt FF Extension: SimplePass Online Accounts Extension - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2010-10-08] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-06] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] Chrome: ======= CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP CHR Plugin: (Shockwave Flash) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) CHR Plugin: (Google Update) - C:\Users\Toni\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (RealDownloader) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-17] CHR Extension: (NCapture) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2013-04-13] CHR Extension: (Skype Click to Call) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-15] CHR Extension: (Google Wallet) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-17] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-06-22] CHR Extension: (Bitdefender QuickScan) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [697712 2010-06-08] (Egis Technology Inc. ) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [610048 2009-09-28] (O&O Software GmbH) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd) R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [30216 2009-09-28] (O&O Software GmbH) R2 ProtectorA; C:\Windows\system32\drivers\ProtectorA.sys [22672 2012-01-11] (www.ISRA.org.cn) S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.) S3 ALSysIO; \??\C:\Users\Toni\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 iscFlash; \??\C:\Users\Toni\AppData\Local\Temp\iscflashx64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-15 14:16 - 2014-04-15 14:16 - 00029773 _____ () C:\Users\Toni\Downloads\FRST.txt 2014-04-15 14:16 - 2014-04-15 14:16 - 00000000 ____D () C:\FRST 2014-04-15 14:15 - 2014-04-15 14:15 - 02054144 _____ (Farbar) C:\Users\Toni\Downloads\FRST64.exe 2014-04-14 22:30 - 2014-04-14 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-07 21:57 - 2014-04-07 21:57 - 00000364 _____ () C:\Users\Toni\Downloads\swisscom_internet_access.txt 2014-03-27 18:53 - 2014-03-28 10:50 - 00001006 _____ () C:\Users\Toni\Downloads\Lab 4.do 2014-03-24 08:11 - 2014-03-24 08:11 - 00000227 _____ () C:\Users\Toni\Downloads\Lab 3.do 2014-03-24 07:40 - 2014-03-24 07:40 - 00002922 _____ () C:\Users\Toni\Downloads\Lab3_States.dta ==================== One Month Modified Files and Folders ======= 2014-04-15 14:16 - 2014-04-15 14:16 - 00029773 _____ () C:\Users\Toni\Downloads\FRST.txt 2014-04-15 14:16 - 2014-04-15 14:16 - 00000000 ____D () C:\FRST 2014-04-15 14:15 - 2014-04-15 14:15 - 02054144 _____ (Farbar) C:\Users\Toni\Downloads\FRST64.exe 2014-04-15 13:58 - 2013-09-01 17:48 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006UA.job 2014-04-15 13:44 - 2012-11-23 17:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-15 13:22 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-15 13:22 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-15 13:19 - 2012-01-26 22:40 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Dropbox 2014-04-15 13:18 - 2012-01-26 22:41 - 00000000 ___RD () C:\Users\Toni\Dropbox 2014-04-15 13:18 - 2011-03-01 19:30 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Skype 2014-04-15 13:18 - 2010-10-08 19:31 - 01491409 _____ () C:\Windows\WindowsUpdate.log 2014-04-15 13:17 - 2011-03-02 15:19 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{33F05840-799A-45B7-A3DC-FC5A62EDCA7E} 2014-04-15 13:13 - 2009-07-14 04:34 - 00422683 _____ () C:\Windows\win.ini 2014-04-15 13:05 - 2010-07-23 20:10 - 23411920 _____ () C:\Windows\system32\perfh007.dat 2014-04-15 13:02 - 2010-07-23 20:10 - 07611282 _____ () C:\Windows\system32\perfc007.dat 2014-04-15 13:02 - 2009-07-14 07:13 - 00006488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-15 12:53 - 2014-01-13 18:13 - 00002987 _____ () C:\Windows\setupact.log 2014-04-15 12:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-14 22:30 - 2014-04-14 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-14 21:40 - 2013-09-01 17:48 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006Core.job 2014-04-14 09:00 - 2014-01-23 23:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-14 09:00 - 2014-01-23 23:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-14 09:00 - 2013-08-24 18:25 - 00000000 ____D () C:\Users\Same 2014-04-14 09:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-13 23:15 - 2011-03-01 18:37 - 00000000 ____D () C:\Users\Toni 2014-04-07 21:57 - 2014-04-07 21:57 - 00000364 _____ () C:\Users\Toni\Downloads\swisscom_internet_access.txt 2014-03-28 10:50 - 2014-03-27 18:53 - 00001006 _____ () C:\Users\Toni\Downloads\Lab 4.do 2014-03-28 10:02 - 2011-03-01 19:21 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\vlc 2014-03-27 03:01 - 2011-06-02 22:08 - 00000000 ____D () C:\Users\Toni\Documents\My Library 2014-03-24 08:11 - 2014-03-24 08:11 - 00000227 _____ () C:\Users\Toni\Downloads\Lab 3.do 2014-03-24 07:40 - 2014-03-24 07:40 - 00002922 _____ () C:\Users\Toni\Downloads\Lab3_States.dta 2014-03-23 00:42 - 2013-07-21 03:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-23 00:40 - 2011-04-08 22:22 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-22 11:36 - 2013-02-27 23:15 - 00000000 ____D () C:\Windows\rescache 2014-03-22 11:35 - 2011-03-06 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-03-21 18:47 - 2011-12-22 06:51 - 00000000 ___RD () C:\Program Files (x86)\Skype Some content of TEMP: ==================== C:\Users\Toni\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Toni\AppData\Local\Temp\htmlayout.dll C:\Users\Toni\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Toni\AppData\Local\Temp\nsxF251.exe C:\Users\Toni\AppData\Local\Temp\SPSetup.exe C:\Users\Toni\AppData\Local\Temp\uninstall10646319.exe C:\Users\Toni\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Toni\AppData\Local\Temp\vlc-2.1.3-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014 Ran by Toni at 2014-04-15 14:16:42 Running from C:\Users\Toni\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{AB71D51A-DD83-4C22-98E2-DF8CB803F65D}) (Version: 1.14.17.06729 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.14.17.06729 - Alcor Micro Corp.) Hidden Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Anki (HKLM-x32\...\Anki) (Version: - ) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{1795BAA8-65EC-66D0-9DA4-D4B1FBE7700E}) (Version: 3.0.778.0 - ATI Technologies, Inc.) BioExcess (Version: 7.0.33.0 - Egis Technology Inc.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0621.2137.36973 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0621.2137.36973 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0621.2137.36973 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0621.2137.36973 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help English (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help French (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help German (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0621.2136.36973 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0621.2136.36973 - ATI) Hidden ccc-core-static (x32 Version: 2010.0621.2137.36973 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0621.2137.36973 - ATI) Hidden Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.) Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects) cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) f.lux (HKCU\...\Flux) (Version: - ) FormatFactory 2.70 (HKLM-x32\...\FormatFactory) (Version: 2.70 - Free Time) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation) Free M4a to MP3 Converter 7.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - ) GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) GPL Ghostscript 8.71 (HKLM-x32\...\GPL Ghostscript 8.71) (Version: - ) GSview 4.9 (HKLM-x32\...\GSview 4.9) (Version: - ) HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) HP 3D DriveGuard (HKLM\...\{991A4895-3346-4980-990F-A1041B73C6F7}) (Version: 4.0.5.1 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden HP SimplePass Identity Protection (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.33.0 - Egis Technology Inc.) HP SimplePass Identity Protection (x32 Version: 7.0.33.0 - Egis Technology Inc.) Hidden HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ) Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version: - Free Lunch Design) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{0D9917CE-1C77-4B58-A153-DCB5A854ED82}) (Version: 1.2.15.0 - Intel Corporation) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) JabRef 2.6 (HKLM-x32\...\JabRef 2.6) (Version: 2.6 - JabRef Team) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.240 - Sun Microsystems, Inc.) Kindle PC Converter (HKLM-x32\...\KindleConverter) (Version: - hxxp://www.ebook-converter.com) Klebezettel NG (Version 2.9.12) (HKLM-x32\...\{4F81901F-3655-4340-8227-F687F69A3C79}}_is1) (Version: - ) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - ) LEd Beta 0.53 (HKLM-x32\...\LEd_is1) (Version: - www.LaTeXEditor.org) LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mendeley Desktop 1.10.3 (HKLM-x32\...\Mendeley Desktop) (Version: 1.10.3 - Mendeley Ltd.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - ) Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MiKTeX 2.8 (HKLM-x32\...\MiKTeX 2.8) (Version: 2.8 - MiKTeX.org) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) Mozilla Thunderbird (3.1.10) (HKLM-x32\...\Mozilla Thunderbird (3.1.10)) (Version: 3.1.10 (de) - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Neverball 1.5.4 (HKLM-x32\...\Neverball) (Version: 1.5.4 - ) O&O DriveLED (HKLM\...\{53480150-81CB-4A86-B378-86B6F08AF80B}) (Version: 3.0.1945 - O&O Software GmbH) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Papers (HKLM-x32\...\Papers) (Version: 1.0.21.00849 - Mekentosj BV) PC Service Home (HKLM-x32\...\{2B069147-80C9-4C6A-9AFB-3534BEF70A96}) (Version: 2.0 - Besta) PC Service Home 2.0 (x32 Version: 2.0 - Besta) Hidden PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.195.0 - Tracker Software Products Ltd.) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 1.00.0000 - ETS) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden RUBICon (HKLM-x32\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) SCR3xxx Smart Card Reader (HKLM-x32\...\{6DA99C69-0799-467E-9496-F37E1E452A4A}) (Version: 8.40 - SCM Microsystems) Scribus 1.3.3.14 (HKLM-x32\...\Scribus 1.3.3.14) (Version: 1.3.3.14 - The Scribus Team) SecureW2 EAP Suite 2.0.4 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SuperTux 0.3.1 (HKLM-x32\...\SuperTux 0.3.1) (Version: 0.3.1 - SuperTux Devel Team) SuperTux 0.3.3 (HKLM-x32\...\SuperTux 0.3.3) (Version: 0.3.3 - SuperTux Devel Team) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Texmaker (HKLM-x32\...\Texmaker) (Version: - ) TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org) TeXnicCenter Version 2.0 Alpha 4 (HKLM\...\TeXnicCenter Alpha_is1) (Version: 2.0 Alpha 4 - The TeXnicCenter Team) TeXstudio 2.5.1 (HKLM-x32\...\TeXstudio_is1) (Version: 2.5.1 - Benito van der Zander) TeXworks 0.4.4 (HKLM-x32\...\{41DA4817-4D2A-4D83-AD02-6A2D95DC8DCB}_is1) (Version: - TeX Users Group) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual MP3 Splitter & Joiner 6.1 (HKLM-x32\...\Visual MP3 Splitter & Joiner_is1) (Version: - ManiacTools.com) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc) Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) ==================== Restore Points ========================= 09-04-2014 22:05:24 Windows Update 14-04-2014 19:51:58 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2012-07-14 05:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {287CB361-946F-4BED-BB1D-964638898F39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {3426EBA1-6405-491C-A6A6-1994A3A026A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006UA => C:\Users\Same\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-01] (Google Inc.) Task: {3CC0B9CC-1BA3-4566-90AF-3C548B2ACF53} - System32\Tasks\{701BC06A-8691-4551-8345-0A012D3DAF93} => C:\Program Files (x86)\ETS\PPGRE\PPREP\PPREP.EXE Task: {57D8295E-BA47-4C01-8660-9F5ACEB443CE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1437298276-3645973725-722044047-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {6DB49333-BD5D-4364-A874-6FFEE432A22A} - System32\Tasks\{4B0AB3FD-072B-49C1-9DAE-321C5D9D0606} => C:\Program Files (x86)\ETS\PPGRE\PPREP\PPREP.EXE Task: {6F012716-1F23-4DB9-B167-35DE956C8DDB} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe Task: {6F6C13DE-992D-49AF-B9A5-FDB95254D1B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {6F6ED4FD-FDF3-4C4F-9164-DB346635B501} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {82DA5E68-361A-429C-A195-1418C93E2273} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006Core => C:\Users\Same\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-01] (Google Inc.) Task: {83F8FF80-14B0-4D82-BB41-E5E32E51E44A} - System32\Tasks\{7BD11640-0BD7-41BE-9170-566962A31733} => C:\Program Files (x86)\ETS\PPGRE\PPREP\PPREP.EXE Task: {9A07DBC5-26F8-41D4-BBAE-D181D870D5A8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe Task: {A1679FDF-41C3-4610-B8CF-E49FEB1BE2D0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1437298276-3645973725-722044047-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {A83EA980-BA7A-40EC-8137-70E4323ADF2B} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe [2012-12-12] (hxxp://yourfiledownloader.com) <==== ATTENTION Task: {C1213333-8446-4527-8413-B28369D3E19C} - System32\Tasks\{52114022-D133-4CB0-9911-8203C28ADD54} => Firefox.exe hxxp://ui.skype.com/ui/0/4.2.0.166.321/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: {C8474E8B-C8AE-4E07-AB1F-2382A2BF51C8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1437298276-3645973725-722044047-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {CE012DF0-FE41-4651-95C3-E65494696CA8} - System32\Tasks\bfghfh => G:\Unterhaltung\Musik\Eigene Musik\Deutsch\Die Aerzte\Die Aerzte - Das Beste Von Kurz Nach Frueher Bis Jetze\CD1\09.Ist das alles.mp3 Task: {D3C23887-BC29-4C9C-8A5C-4F4CA9C93130} - System32\Tasks\{28F3FB92-1474-4AE0-B79A-2AB086115093} => C:\Program Files (x86)\ETS\PPGRE\PPREP\PPREP.EXE Task: {D80C438B-8E51-4EFB-BC7C-E83158AC61A1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1437298276-3645973725-722044047-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {E15C9183-1149-4452-97CD-C8CFA2186259} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1437298276-3645973725-722044047-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {EE595EEF-9764-4AB0-B798-99F248F8A526} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1437298276-3645973725-722044047-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall\Feven 1.5-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall\Feven 1.5-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006Core.job => C:\Users\Same\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006UA.job => C:\Users\Same\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job => C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\SuperLyrics-16-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job => C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\SuperLyrics-16-firefoxinstaller.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 09:23 - 2010-10-20 09:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2011-09-17 17:31 - 2010-08-20 03:10 - 03067904 _____ () C:\Program Files (x86)\Besta\PSH2.0\PSH2.exe 2010-06-10 17:12 - 2010-06-10 17:12 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-21 21:36 - 2010-06-21 21:36 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-03-11 15:57 - 2007-05-31 08:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll 2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Toni\AppData\Roaming\Dropbox\bin\libcef.dll 2011-09-17 17:31 - 2010-08-20 03:09 - 00278528 _____ () C:\Program Files (x86)\Besta\PSH2.0\bdbcoreU.dll 2011-09-17 17:31 - 2010-08-12 08:31 - 00028672 _____ () C:\Program Files (x86)\Besta\PSH2.0\PSHPub.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 09:45 - 2010-10-20 09:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-04-14 22:30 - 2014-04-14 22:30 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: EventSystem => 2 MSCONFIG\Services: IPBusEnum => 3 MSCONFIG\Services: KtmRm => 3 MSCONFIG\Services: MyWiFiDHCPDNS => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Toni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Google Update => "C:\Users\Toni\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: VitaKeyTSR => C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Lightweight Filter Description: Shrew Soft Lightweight Filter Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: vflt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Broadcom 2070 Bluetooth Description: Broadcom 2070 Bluetooth Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (04/15/2014 01:12:45 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.88, Zeitstempel: 0x511afc59 Name des fehlerhaften Moduls: netprofm.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bda75 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74a12505 ID des fehlerhaften Prozesses: 0xe44 Startzeit der fehlerhaften Anwendung: 0xDivXUpdate.exe0 Pfad der fehlerhaften Anwendung: DivXUpdate.exe1 Pfad des fehlerhaften Moduls: DivXUpdate.exe2 Berichtskennung: DivXUpdate.exe3 Error: (04/15/2014 01:01:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/15/2014 01:01:59 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (04/15/2014 01:01:57 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (04/14/2014 09:43:01 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/14/2014 09:43:01 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (04/14/2014 09:43:01 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (04/13/2014 11:22:02 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (04/13/2014 11:22:02 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (04/13/2014 11:22:02 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. System errors: ============= Error: (04/15/2014 01:06:43 PM) (Source: DCOM) (User: ) Description: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (04/15/2014 01:05:31 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (04/15/2014 01:03:30 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde nicht richtig gestartet. Error: (04/15/2014 01:01:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Software Protection" wurde nicht richtig gestartet. Error: (04/15/2014 01:00:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/15/2014 01:00:55 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (04/15/2014 01:00:12 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (04/15/2014 01:00:55 PM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (04/15/2014 00:58:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/15/2014 00:58:04 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht. Microsoft Office Sessions: ========================= Error: (04/15/2014 01:12:45 PM) (Source: Application Error)(User: ) Description: DivXUpdate.exe1.0.6.88511afc59netprofm.dll_unloaded0.0.0.04a5bda75c000000574a12505e4401cf589a76a5f90cC:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exenetprofm.dllde596457-c48e-11e3-9d03-8919da569e5c Error: (04/15/2014 01:01:59 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (04/15/2014 01:01:59 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/15/2014 01:01:57 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/14/2014 09:43:01 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (04/14/2014 09:43:01 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/14/2014 09:43:01 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/13/2014 11:22:02 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (04/13/2014 11:22:02 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (04/13/2014 11:22:02 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 CodeIntegrity Errors: =================================== Date: 2014-04-15 12:53:02.899 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-15 12:53:02.852 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-13 23:11:18.666 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-13 23:11:18.620 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-13 23:01:45.768 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-13 23:01:45.721 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-09 23:22:38.139 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-04-09 23:22:38.092 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-28 16:00:22.139 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-03-28 16:00:22.092 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 3893.86 MB Available physical RAM: 2118.51 MB Total Pagefile: 7785.9 MB Available Pagefile: 5872.11 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:222.11 GB) (Free:8.41 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:24.35 GB) (Free:3.37 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (Daten) (Fixed) (Total:219 GB) (Free:21.68 GB) NTFS Drive i: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 908943E4) Partition 1: (Active) - (Size=199 MB) - (Type=42) Partition 2: (Not Active) - (Size=222 GB) - (Type=42) Partition 3: (Not Active) - (Size=24 GB) - (Type=42) Partition 4: (Not Active) - (Size=103 MB) - (Type=42) ==================== End Of Log ============================ |
16.04.2014, 10:16 | #4 |
/// the machine /// TB-Ausbilder | Festplattenzugriff sehr langsam - Malware? Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.04.2014, 23:07 | #5 |
| Festplattenzugriff sehr langsam - Malware? Vielen Dank! Die Logs sind wohl zu lange, und irgendwie hängt sich der PC beim Archive-Machen auf, ich teile den Beitrag jetzt also ausnahmsweise mal in 2. Hoffe, das ist ok! Die mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 16.04.2014 Suchlauf-Zeit: 15:40:04 Logdatei: mbam right.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.16.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Toni Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 320004 Verstrichene Zeit: 58 Min, 54 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 8 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [9c645fa17f81b44cab570c8633d016ea], PUP.Optional.Softonic.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [fe02867aee1247b9d20c1257e61c8878], PUP.Optional.SmartBar, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, In Quarantäne, [ed131ae6f60ad32d0f89b5f58d7647b9], PUP.Optional.SmartBar, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, In Quarantäne, [1ae639c7e818f50b2b6c2387c63df808], PUP.Optional.Lyrics.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SuperLyrics-16, In Quarantäne, [ed134bb5d12fae529d079fccfe04be42], PUP.Optional.Feven.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Feven, In Quarantäne, [936db8489868d22ee07be9b7bc4757a9], PUP.Optional.Lyrics.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\PassWizard, In Quarantäne, [b44c7c84b24ed0301c552b70c2419e62], PUP.Optional.SuperLyrics.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SuperLyrics-16, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0C1K1O2X1H1Q1KtF1FtG1O, In Quarantäne, [9c645fa17f81b44cab570c8633d016ea] Registrierungsdaten: 7 PUP.Optional.Conduit.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP50F5CAE3-AA79-4F90-9244-0500FEC0D980&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP50F5CAE3-AA79-4F90-9244-0500FEC0D980&SSPV=),Ersetzt,[0ff1aa5688781fe15a2e9a8107fd34cc] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=hp&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=hp&installDate={installDate}),Ersetzt,[f20eeb1535cbbe42424f978db05434cc] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[857b3dc3b54b11efa9e7de46d72d7b85] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[a25e13edcb35966ad0bf1311fa0a669a] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[3ec2cd338d739769c4ceac78ea1ae41c] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[936d1fe1eb1538c8246fa0842ed63ac6] PUP.Optional.SnapDo.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[46ba90700000be426dbb57c460a4a25e] Ordner: 46 PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\components, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy\OpenCandy_13DA043A7C264CBF8622166651D0F496, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\defaults, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\defaults\preferences, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\userCode, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\locale, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\locale\en-US, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults\preferences, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale\en-US, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0, In Quarantäne, [f60a639dd42c68988f3dbbaa07fb44bc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\userCode, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\actions, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\popupResource, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], Dateien: 397 PUP.Optional.Conduit.A, C:\Users\Toni\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [8779d927a85842be96478b8ddb26fc04], PUP.Optional.SearchProtect.A, C:\Users\Toni\AppData\Local\Temp\nsxF251.exe, In Quarantäne, [5aa61fe131cfe719549a65be0ef34ab6], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsgBB8A.exe, In Quarantäne, [f50b02fe7a867e8299555cc73ac703fd], PUP.Optional.SearchProtect.A, C:\Windows\temp\nslCE40.exe, In Quarantäne, [13edd52b2cd4b050638b54cf6d9420e0], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsq1033.exe, In Quarantäne, [88787888dd234bb5c82626fd0cf51ce4], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsqD255.exe, In Quarantäne, [60a0cc34ec148a7621cdd54e56ab8b75], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsqE452.exe, In Quarantäne, [fd03c13ff30d877921cd47dc4bb6fe02], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsqE453.exe, In Quarantäne, [9f611be57d83718fa44a0e156998d62a], PUP.Optional.SearchProtect.A, C:\Windows\temp\nst52C5.exe, In Quarantäne, [ef11817f06fa4ab611dd9e852ad75ca4], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsvB7F1.exe, In Quarantäne, [847cde22c63ae917a34be0436c95956b], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsw2E2F.exe, In Quarantäne, [ca369070e21e3bc52bc36bb8d928ba46], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsyAA09.exe, In Quarantäne, [bd4334ccf10feb15b93577ac837e0df3], PUP.Optional.BundleInstaller.A, C:\Users\Same\Downloads\Setup (1).exe, In Quarantäne, [13edad533cc497690ef265bfa15f12ee], PUP.Optional.Firseria, C:\Users\Same\Downloads\Setup (2).exe, In Quarantäne, [a759e917b24ec7394f8cde6bcd377d83], PUP.Optional.BundleInstaller.A, C:\Users\Same\Downloads\Setup.exe, In Quarantäne, [867ac838619f5ca4b34d47dd20e00ef2], PUP.Optional.DomaIQ, C:\Users\Same\Downloads\Java (1).exe, In Quarantäne, [5ca47789d927a45ce86566bae021e31d], PUP.Optional.DomaIQ, C:\Users\Same\Downloads\Java (2).exe, In Quarantäne, [af51ab5517e9cd3379d42000e918b34d], PUP.Optional.DomaIQ, C:\Users\Same\Downloads\Java (3).exe, In Quarantäne, [5ea2f10fc63a19e74508061af011e11f], PUP.Optional.DomaIQ, C:\Users\Same\Downloads\Java.exe, In Quarantäne, [669a8f7127d9c7390746f42c7f82629e], PUP.Optional.InstalleRex, C:\Users\Toni\Downloads\Download.exe, In Quarantäne, [0af602feb05027d9dbaca192ba47fd03], PUP.Optional.Softonic.A, C:\Users\Toni\Downloads\SoftonicDownloader_fuer_hijackthis.exe, In Quarantäne, [0cf450b025db1ee2f9a71604e1206997], PUP.Optional.Feven.A, C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall\Feven 1.5-chromeinstaller.exe, In Quarantäne, [ea16f60add235ea204e9a69dc93841bf], PUP.Optional.Feven.A, C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall\Feven 1.5-firefoxinstaller.exe, In Quarantäne, [1ee2837d52ae0000816c1a292fd2a060], PUP.Optional.Feven.A, C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall\utils.exe, In Quarantäne, [827e649c748cdb258257e25d6a96867a], PUP.Optional.TubeSing.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\utils.exe, In Quarantäne, [60a0dc24a45c11ef714346e160a1be42], Malware.Gen, C:\Users\Toni\Desktop\Desktop\nvivo 7\Keygen.exe, In Quarantäne, [b64a60a055ab60a0357aaba4c739936d], Malware.Gen, C:\Users\Toni\Desktop\Desktop\nvivo 7\qsrnvivov7.0.281.0sp4keygenhaze.zip, In Quarantäne, [5ea2ba4644bc6b956b444f008b7552ae], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage, In Quarantäne, [2dd3e51b867a8878c2d75a11738fb050], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage-journal, In Quarantäne, [9b65d22ee41c77898e0beb803ec49c64], PUP.Optional.WebSearch.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\searchplugins\Web Search.xml, In Quarantäne, [ac546a96ee122cd46b152d445aa8d12f], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote.xml, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\accelerate, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg_list.xml, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_1.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_2.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_3.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_4.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_5.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_default.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\337.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\barbie.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\facebook.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\GameCenter.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\google.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\mario.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\twitter.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\v9.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\youtube.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk, In Quarantäne, [857bbc44a858c43cc819712712f148b8], PUP.Optional.SuperLyrics.A, C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job, In Quarantäne, [cc34ce328c74a35d97471b7e37cc2dd3], PUP.Optional.SuperLyrics.A, C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job, In Quarantäne, [cd33817fa8580ef2538b05948083ea16], PUP.Optional.Feven.A, C:\Windows\Tasks\Feven 1.5-chromeinstaller.job, In Quarantäne, [22def20eb64aee124514bfe116ed857b], PUP.Optional.Feven.A, C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job, In Quarantäne, [619f45bb60a0a0606aef9a06a45f0df3], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy\OpenCandy_13DA043A7C264CBF8622166651D0F496\1600.ico, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy\OpenCandy_13DA043A7C264CBF8622166651D0F496\PCBeschleunigen.exe, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy\OpenCandy_13DA043A7C264CBF8622166651D0F496\SpeedstarterDE.exe, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome.manifest, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\install.rdf, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\background.html, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\baseObject.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\browser.xul, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\dialog.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\main.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\options.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\options.xul, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\search_dialog.xul, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\asyncDB.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\background.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\browserAction.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\contextMenu.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\dbManager.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\dom_bg.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\fileManager.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\firefox.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\firefoxNotifications.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\firefoxOmnibox.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\message.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\pageAction.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\request.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\tabs.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\webRequest.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\console.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\consts.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\delegate.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\extensionDataStore.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\folderIOWrapper.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\httpObserver.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\IDBWrapper.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\installer.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\logFile.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\prefs.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\progressListenerObserver.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\registry.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\reloadObserver.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\reports.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\requestObject.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\searchSettings.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\uninstallObserver.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\updateManager.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\utils.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\xhr.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\defaults\preferences\prefs.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\manifest.xml, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins.json, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\138_getdeal_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\101_cortica_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\102_dealply_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\105_corticas_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\107_coupish_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\108_icm_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\116_ads_only_5_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\117_coupons_intext_ads_5_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\119_similar_web_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\120_luck_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\170_icm1_5_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\171_arcadi2_sourceID_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\175_coolmirage_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\17_jQuery.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\1_base.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\21_debug.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\22_resources.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\28_initializer.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\47_resources_background.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\123_intext_adv_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\125_arcadi2_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\126_revizer_ws_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\127_revizer_p_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\128_superfish_pricora_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\129_widdit_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\135_arcadi3_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\7_hooks.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\87_ginyas_wrapper.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\92_superfish_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\98_omniCommands.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\9_search_engine_hook.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\141_corticas_ru_m.js.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\142_intext_fa_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\155_ibario_pops_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\159_cortica_rollover_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\16_FFAppAPIWrapper.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\userCode\background.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\userCode\extension.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\locale\en-US\translations.dtd, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button1.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button2.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button3.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button4.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button5.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\crossrider_statusbar.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\icon128.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\icon16.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\icon24.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\icon48.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\panelarrow-up.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\popup.html, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\skin.css, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\update.css, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome.manifest, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\install.rdf, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\background.html, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\baseObject.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\browser.xul, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\dialog.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\main.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.xul, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\search_dialog.xul, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\asyncDB.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\background.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\browserAction.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\contextMenu.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dbManager.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dom_bg.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\fileManager.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefox.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxNotifications.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxOmnibox.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\message.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\pageAction.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\request.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\tabs.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\webRequest.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\console.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\consts.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\delegate.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\extensionDataStore.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\folderIOWrapper.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\httpObserver.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\IDBWrapper.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\installer.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\logFile.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\prefs.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\progressListenerObserver.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\registry.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reloadObserver.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reports.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\requestObject.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\searchSettings.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\uninstallObserver.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\updateManager.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\utils.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\xhr.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults\preferences\prefs.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\manifest.xml, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins.json, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\101_cortica_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\102_dealply_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\105_corticas_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\107_coupish_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\108_icm_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\116_ads_only_5_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\117_coupons_intext_ads_5_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\119_similar_web_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\120_luck_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\16_FFAppAPIWrapper.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\170_icm1_5_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\171_arcadi2_sourceID_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\175_coolmirage_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\17_jQuery.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\1_base.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\21_debug.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\22_resources.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\28_initializer.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\47_resources_background.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\123_intext_adv_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\125_arcadi2_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\126_revizer_ws_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\127_revizer_p_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\128_superfish_pricora_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\129_widdit_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\135_arcadi3_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\138_getdeal_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\7_hooks.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\87_ginyas_wrapper.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\92_superfish_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\98_omniCommands.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\9_search_engine_hook.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\141_corticas_ru_m.js.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\142_intext_fa_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\155_ibario_pops_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\159_cortica_rollover_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\background.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\extension.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale\en-US\translations.dtd, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button1.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button2.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button3.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button4.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button5.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\crossrider_statusbar.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon128.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon16.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon24.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon48.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\panelarrow-up.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\popup.html, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\skin.css, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\update.css, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0\3, In Quarantäne, [f60a639dd42c68988f3dbbaa07fb44bc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\background.html, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\crossriderManifest.json, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\manifest.json, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\popup.html, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\manifest.xml, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins.json, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\21_debug.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\101_cortica_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\102_dealply_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\105_corticas_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\107_coupish_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\108_icm_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\116_ads_only_5_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\117_coupons_intext_ads_5_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\119_similar_web_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\120_luck_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\123_intext_adv_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\125_arcadi2_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\126_revizer_ws_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\127_revizer_p_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\128_superfish_pricora_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\129_widdit_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\135_arcadi3_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\138_getdeal_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\141_corticas_ru_m.js.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\142_intext_fa_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\155_ibario_pops_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\159_cortica_rollover_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\170_icm1_5_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\171_arcadi2_sourceID_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\175_coolmirage_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\178_revizer_ws_dynamic_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\179_revizer_p_dynamic_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\17_jQuery.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\19_CHAppAPIWrapper.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\1_base.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\22_resources.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\28_initializer.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\47_resources_background.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\7_hooks.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\80_CHPopupAppAPI.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\87_ginyas_wrapper.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\92_superfish_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\97_resourceApiWrapper.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\9_search_engine_hook.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\userCode\background.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\userCode\extension.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\icon128.png, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\icon16.png, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\icon48.png, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\actions\1.png, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\background.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\main.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\chrome.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\cookie.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\message.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\pageAction.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\pageActionBG.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\app_api.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\bg_app_api.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\consts.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\cookie_store.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\crossriderAPI.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\delegate.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\events.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\extensionDataStore.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\installer.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\logFile.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\logging.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\onBGDocumentLoad.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\reports.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\storageWrapper.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\updateManager.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\util.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\xhr.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\popupResource\newPopup.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\popupResource\popup.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000171.sst, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000176.sst, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000179.sst, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000180.log, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\CURRENT, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOCK, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG.old, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\MANIFEST-000178, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\44162.crx, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\44162.xpi, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\Installer.log, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\SuperLyrics-16-chromeinstaller.exe, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\SuperLyrics-16-firefoxinstaller.exe, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\Uninstall.exe, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SnapDo.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=nt&installDate={installDate}");), Ersetzt,[41bf956b2cd4b14f1dc4be91b74d37c9] PUP.Optional.SnapDo.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&installDate={installDate}&q=");), Ersetzt,[cf31a957c53bfc04d2100c43b94bbb45] PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "141cfa9bafd7a31fc4d6db4148ae0da2");), Ersetzt,[eb15bd43ca3607f92ebb3619c34134cc] PUP.Optional.Snapdo.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=hp&installDate={installDate}");), Ersetzt,[c9378c7415eb5ea21023480828dca45c] PUP.Optional.Snapdo.A, C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.google.com/", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=hp&installDate={installDate}", "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP" ],), Ersetzt,[6d93c739738d22de2f9c064aa55f9e62] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 20:40:38 # Aktualisiert 20/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Toni - TONI-HP # Gestartet von : C:\Users\Toni\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Trymedia Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader Ordner Gelöscht : C:\Windows\Uninstaller Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\Toni\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Toni\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\Toni\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Toni\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Toni\AppData\Roaming\yourfiledownloader Ordner Gelöscht : C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gelöscht : C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Datei Gelöscht : C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk Datei Gelöscht : C:\Users\Same\Desktop\MyPC Backup.lnk Datei Gelöscht : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage Datei Gelöscht : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_klebezettel-ng_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_klebezettel-ng_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\dt soft\daemon tools toolbar Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\YourFileDownloader Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Trymedia Systems Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\YourFileDownloader Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\54ueq59q.default-1392319113432\prefs.js ] [ Datei : C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); -\\ Google Chrome v [ Datei : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ Datei : C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [6746 octets] - [20/04/2014 20:39:23] AdwCleaner[S0].txt - [5966 octets] - [20/04/2014 20:40:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6026 octets] ########## |
20.04.2014, 23:08 | #6 |
| Festplattenzugriff sehr langsam - Malware? Vielen Dank! Die Logs sind wohl zu lange, und irgendwie hängt sich der PC beim Archive-Machen auf, ich teile den Beitrag jetzt also ausnahmsweise mal in 2. Hoffe, das ist ok! Die mbam.txt: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 16.04.2014 Suchlauf-Zeit: 15:40:04 Logdatei: mbam right.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.16.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Toni Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 320004 Verstrichene Zeit: 58 Min, 54 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 8 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [9c645fa17f81b44cab570c8633d016ea], PUP.Optional.Softonic.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [fe02867aee1247b9d20c1257e61c8878], PUP.Optional.SmartBar, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, In Quarantäne, [ed131ae6f60ad32d0f89b5f58d7647b9], PUP.Optional.SmartBar, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, In Quarantäne, [1ae639c7e818f50b2b6c2387c63df808], PUP.Optional.Lyrics.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SuperLyrics-16, In Quarantäne, [ed134bb5d12fae529d079fccfe04be42], PUP.Optional.Feven.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Feven, In Quarantäne, [936db8489868d22ee07be9b7bc4757a9], PUP.Optional.Lyrics.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\PassWizard, In Quarantäne, [b44c7c84b24ed0301c552b70c2419e62], PUP.Optional.SuperLyrics.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SuperLyrics-16, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0C1K1O2X1H1Q1KtF1FtG1O, In Quarantäne, [9c645fa17f81b44cab570c8633d016ea] Registrierungsdaten: 7 PUP.Optional.Conduit.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP50F5CAE3-AA79-4F90-9244-0500FEC0D980&SSPV=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP50F5CAE3-AA79-4F90-9244-0500FEC0D980&SSPV=),Ersetzt,[0ff1aa5688781fe15a2e9a8107fd34cc] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=hp&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=hp&installDate={installDate}),Ersetzt,[f20eeb1535cbbe42424f978db05434cc] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[857b3dc3b54b11efa9e7de46d72d7b85] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[a25e13edcb35966ad0bf1311fa0a669a] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[3ec2cd338d739769c4ceac78ea1ae41c] PUP.Optional.Snapdo, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[936d1fe1eb1538c8246fa0842ed63ac6] PUP.Optional.SnapDo.A, HKU\S-1-5-21-1437298276-3645973725-722044047-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[46ba90700000be426dbb57c460a4a25e] Ordner: 46 PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\components, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy\OpenCandy_13DA043A7C264CBF8622166651D0F496, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\defaults, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\defaults\preferences, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\userCode, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\locale, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\locale\en-US, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults\preferences, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale\en-US, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0, In Quarantäne, [f60a639dd42c68988f3dbbaa07fb44bc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\userCode, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\actions, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\popupResource, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], Dateien: 397 PUP.Optional.Conduit.A, C:\Users\Toni\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [8779d927a85842be96478b8ddb26fc04], PUP.Optional.SearchProtect.A, C:\Users\Toni\AppData\Local\Temp\nsxF251.exe, In Quarantäne, [5aa61fe131cfe719549a65be0ef34ab6], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsgBB8A.exe, In Quarantäne, [f50b02fe7a867e8299555cc73ac703fd], PUP.Optional.SearchProtect.A, C:\Windows\temp\nslCE40.exe, In Quarantäne, [13edd52b2cd4b050638b54cf6d9420e0], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsq1033.exe, In Quarantäne, [88787888dd234bb5c82626fd0cf51ce4], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsqD255.exe, In Quarantäne, [60a0cc34ec148a7621cdd54e56ab8b75], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsqE452.exe, In Quarantäne, [fd03c13ff30d877921cd47dc4bb6fe02], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsqE453.exe, In Quarantäne, [9f611be57d83718fa44a0e156998d62a], PUP.Optional.SearchProtect.A, C:\Windows\temp\nst52C5.exe, In Quarantäne, [ef11817f06fa4ab611dd9e852ad75ca4], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsvB7F1.exe, In Quarantäne, [847cde22c63ae917a34be0436c95956b], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsw2E2F.exe, In Quarantäne, [ca369070e21e3bc52bc36bb8d928ba46], PUP.Optional.SearchProtect.A, C:\Windows\temp\nsyAA09.exe, In Quarantäne, [bd4334ccf10feb15b93577ac837e0df3], PUP.Optional.BundleInstaller.A, C:\Users\Same\Downloads\Setup (1).exe, In Quarantäne, [13edad533cc497690ef265bfa15f12ee], PUP.Optional.Firseria, C:\Users\Same\Downloads\Setup (2).exe, In Quarantäne, [a759e917b24ec7394f8cde6bcd377d83], PUP.Optional.BundleInstaller.A, C:\Users\Same\Downloads\Setup.exe, In Quarantäne, [867ac838619f5ca4b34d47dd20e00ef2], PUP.Optional.DomaIQ, C:\Users\Same\Downloads\Java (1).exe, In Quarantäne, [5ca47789d927a45ce86566bae021e31d], PUP.Optional.DomaIQ, C:\Users\Same\Downloads\Java (2).exe, In Quarantäne, [af51ab5517e9cd3379d42000e918b34d], PUP.Optional.DomaIQ, C:\Users\Same\Downloads\Java (3).exe, In Quarantäne, [5ea2f10fc63a19e74508061af011e11f], PUP.Optional.DomaIQ, C:\Users\Same\Downloads\Java.exe, In Quarantäne, [669a8f7127d9c7390746f42c7f82629e], PUP.Optional.InstalleRex, C:\Users\Toni\Downloads\Download.exe, In Quarantäne, [0af602feb05027d9dbaca192ba47fd03], PUP.Optional.Softonic.A, C:\Users\Toni\Downloads\SoftonicDownloader_fuer_hijackthis.exe, In Quarantäne, [0cf450b025db1ee2f9a71604e1206997], PUP.Optional.Feven.A, C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall\Feven 1.5-chromeinstaller.exe, In Quarantäne, [ea16f60add235ea204e9a69dc93841bf], PUP.Optional.Feven.A, C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall\Feven 1.5-firefoxinstaller.exe, In Quarantäne, [1ee2837d52ae0000816c1a292fd2a060], PUP.Optional.Feven.A, C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall\utils.exe, In Quarantäne, [827e649c748cdb258257e25d6a96867a], PUP.Optional.TubeSing.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\utils.exe, In Quarantäne, [60a0dc24a45c11ef714346e160a1be42], Malware.Gen, C:\Users\Toni\Desktop\Desktop\nvivo 7\Keygen.exe, In Quarantäne, [b64a60a055ab60a0357aaba4c739936d], Malware.Gen, C:\Users\Toni\Desktop\Desktop\nvivo 7\qsrnvivov7.0.281.0sp4keygenhaze.zip, In Quarantäne, [5ea2ba4644bc6b956b444f008b7552ae], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage, In Quarantäne, [2dd3e51b867a8878c2d75a11738fb050], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0.localstorage-journal, In Quarantäne, [9b65d22ee41c77898e0beb803ec49c64], PUP.Optional.WebSearch.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\searchplugins\Web Search.xml, In Quarantäne, [ac546a96ee122cd46b152d445aa8d12f], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote.xml, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\accelerate, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg_list.xml, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_1.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_2.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_3.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_4.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_5.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_default.png, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\337.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\barbie.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\facebook.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\GameCenter.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\google.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\mario.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\twitter.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\v9.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Desk 365\promote\youtube.ico, In Quarantäne, [639d1ae69a6637c9e7e4fa95748f15eb], PUP.Optional.Desk365.A, C:\Users\Same\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk, In Quarantäne, [857bbc44a858c43cc819712712f148b8], PUP.Optional.SuperLyrics.A, C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job, In Quarantäne, [cc34ce328c74a35d97471b7e37cc2dd3], PUP.Optional.SuperLyrics.A, C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job, In Quarantäne, [cd33817fa8580ef2538b05948083ea16], PUP.Optional.Feven.A, C:\Windows\Tasks\Feven 1.5-chromeinstaller.job, In Quarantäne, [22def20eb64aee124514bfe116ed857b], PUP.Optional.Feven.A, C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job, In Quarantäne, [619f45bb60a0a0606aef9a06a45f0df3], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy\OpenCandy_13DA043A7C264CBF8622166651D0F496\1600.ico, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy\OpenCandy_13DA043A7C264CBF8622166651D0F496\PCBeschleunigen.exe, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.OpenCandy, C:\Users\Toni\AppData\Roaming\OpenCandy\OpenCandy_13DA043A7C264CBF8622166651D0F496\SpeedstarterDE.exe, In Quarantäne, [5fa116ea38c858a876924e0f966c40c0], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome.manifest, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\install.rdf, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\background.html, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\baseObject.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\browser.xul, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\dialog.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\main.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\options.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\options.xul, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\search_dialog.xul, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\asyncDB.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\background.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\browserAction.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\contextMenu.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\dbManager.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\dom_bg.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\fileManager.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\firefox.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\firefoxNotifications.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\firefoxOmnibox.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\message.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\pageAction.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\request.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\tabs.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\api\webRequest.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\console.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\consts.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\delegate.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\extensionDataStore.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\folderIOWrapper.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\httpObserver.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\IDBWrapper.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\installer.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\logFile.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\prefs.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\progressListenerObserver.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\registry.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\reloadObserver.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\reports.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\requestObject.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\searchSettings.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\uninstallObserver.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\updateManager.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\utils.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\chrome\content\core\xhr.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\defaults\preferences\prefs.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\manifest.xml, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins.json, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\138_getdeal_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\101_cortica_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\102_dealply_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\105_corticas_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\107_coupish_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\108_icm_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\116_ads_only_5_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\117_coupons_intext_ads_5_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\119_similar_web_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\120_luck_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\170_icm1_5_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\171_arcadi2_sourceID_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\175_coolmirage_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\17_jQuery.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\1_base.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\21_debug.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\22_resources.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\28_initializer.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\47_resources_background.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\123_intext_adv_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\125_arcadi2_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\126_revizer_ws_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\127_revizer_p_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\128_superfish_pricora_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\129_widdit_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\135_arcadi3_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\7_hooks.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\87_ginyas_wrapper.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\92_superfish_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\98_omniCommands.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\9_search_engine_hook.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\141_corticas_ru_m.js.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\142_intext_fa_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\155_ibario_pops_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\159_cortica_rollover_m.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\plugins\16_FFAppAPIWrapper.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\userCode\background.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\extensionData\userCode\extension.js, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\locale\en-US\translations.dtd, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button1.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button2.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button3.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button4.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\button5.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\crossrider_statusbar.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\icon128.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\icon16.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\icon24.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\icon48.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\panelarrow-up.png, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\popup.html, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\skin.css, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com\skin\update.css, In Quarantäne, [a45c49b7c0404cb4f7e80a58b44efa06], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome.manifest, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\install.rdf, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\background.html, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\baseObject.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\browser.xul, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\dialog.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\main.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\options.xul, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\search_dialog.xul, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\asyncDB.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\background.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\browserAction.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\contextMenu.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dbManager.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\dom_bg.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\fileManager.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefox.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxNotifications.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\firefoxOmnibox.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\message.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\pageAction.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\request.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\tabs.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\api\webRequest.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\console.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\consts.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\delegate.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\extensionDataStore.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\folderIOWrapper.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\httpObserver.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\IDBWrapper.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\installer.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\logFile.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\prefs.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\progressListenerObserver.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\registry.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reloadObserver.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\reports.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\requestObject.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\searchSettings.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\uninstallObserver.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\updateManager.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\utils.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\chrome\content\core\xhr.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\defaults\preferences\prefs.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\manifest.xml, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins.json, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\101_cortica_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\102_dealply_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\105_corticas_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\107_coupish_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\108_icm_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\116_ads_only_5_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\117_coupons_intext_ads_5_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\119_similar_web_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\120_luck_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\16_FFAppAPIWrapper.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\170_icm1_5_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\171_arcadi2_sourceID_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\175_coolmirage_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\17_jQuery.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\1_base.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\21_debug.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\22_resources.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\28_initializer.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\47_resources_background.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\123_intext_adv_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\125_arcadi2_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\126_revizer_ws_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\127_revizer_p_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\128_superfish_pricora_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\129_widdit_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\135_arcadi3_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\138_getdeal_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\7_hooks.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\87_ginyas_wrapper.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\92_superfish_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\98_omniCommands.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\9_search_engine_hook.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\141_corticas_ru_m.js.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\142_intext_fa_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\155_ibario_pops_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins\159_cortica_rollover_m.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\background.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode\extension.js, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\locale\en-US\translations.dtd, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button1.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button2.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button3.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button4.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\button5.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\crossrider_statusbar.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon128.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon16.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon24.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\icon48.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\panelarrow-up.png, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\popup.html, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\skin.css, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\skin\update.css, In Quarantäne, [7888e02040c0ba469b44d19135cd5ca4], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_incpbbmbclbkhjphicahojidkcabaajc_0\3, In Quarantäne, [f60a639dd42c68988f3dbbaa07fb44bc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\background.html, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\crossriderManifest.json, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\manifest.json, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\popup.html, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\manifest.xml, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins.json, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\21_debug.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\101_cortica_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\102_dealply_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\103_intext_5_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\104_jollywallet_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\105_corticas_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\107_coupish_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\108_icm_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\116_ads_only_5_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\117_coupons_intext_ads_5_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\119_similar_web_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\120_luck_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\123_intext_adv_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\125_arcadi2_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\126_revizer_ws_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\127_revizer_p_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\128_superfish_pricora_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\129_widdit_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\135_arcadi3_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\138_getdeal_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\13_CrossriderAppUtils.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\141_corticas_ru_m.js.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\142_intext_fa_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\14_CrossriderUtils.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\155_ibario_pops_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\159_cortica_rollover_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\170_icm1_5_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\171_arcadi2_sourceID_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\175_coolmirage_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\178_revizer_ws_dynamic_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\179_revizer_p_dynamic_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\17_jQuery.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\19_CHAppAPIWrapper.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\1_base.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\22_resources.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\28_initializer.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\47_resources_background.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\4_jquery_1_7_1.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\64_appApiMessage.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\72_appApiValidation.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\78_CrossriderInfo.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\7_hooks.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\80_CHPopupAppAPI.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\87_ginyas_wrapper.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\91_monetizationLoader.js.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\92_superfish_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\93_superfish_no_coupons_m.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\97_resourceApiWrapper.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\plugins\9_search_engine_hook.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\userCode\background.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\extensionData\userCode\extension.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\icon128.png, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\icon16.png, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\icon48.png, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\icons\actions\1.png, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\background.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\main.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\chrome.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\cookie.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\message.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\pageAction.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\api\pageActionBG.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\app_api.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\bg_app_api.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\consts.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\cookie_store.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\crossriderAPI.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\delegate.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\events.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\extensionDataStore.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\installer.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\logFile.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\logging.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\onBGDocumentLoad.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\reports.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\storageWrapper.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\updateManager.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\util.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\xhr.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\popupResource\newPopup.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0\js\lib\popupResource\popup.js, In Quarantäne, [e51b7c8443bd60a03b97a5c0a55d817f], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000171.sst, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000176.sst, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000179.sst, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\000180.log, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\CURRENT, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOCK, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\LOG.old, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\incpbbmbclbkhjphicahojidkcabaajc\MANIFEST-000178, In Quarantäne, [be4238c87888c53b9d3c98cdf80a04fc], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\44162.crx, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\44162.xpi, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\Installer.log, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\SuperLyrics-16-chromeinstaller.exe, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\SuperLyrics-16-firefoxinstaller.exe, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SuperLyrics.A, C:\Users\Same\AppData\Local\SuperLyrics-16-BrowserExtensionUninstall\Uninstall.exe, In Quarantäne, [1ce40af64eb20df3fe04bcaa3ec440c0], PUP.Optional.SnapDo.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=nt&installDate={installDate}");), Ersetzt,[41bf956b2cd4b14f1dc4be91b74d37c9] PUP.Optional.SnapDo.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=ds&installDate={installDate}&q=");), Ersetzt,[cf31a957c53bfc04d2100c43b94bbb45] PUP.Optional.CrossRider.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "141cfa9bafd7a31fc4d6db4148ae0da2");), Ersetzt,[eb15bd43ca3607f92ebb3619c34134cc] PUP.Optional.Snapdo.A, C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=hp&installDate={installDate}");), Ersetzt,[c9378c7415eb5ea21023480828dca45c] PUP.Optional.Snapdo.A, C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.google.com/", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=14cd5bce-ca82-dc68-f5d6-30b69613d004&searchtype=hp&installDate={installDate}", "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP" ],), Ersetzt,[6d93c739738d22de2f9c064aa55f9e62] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 20:40:38 # Aktualisiert 20/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Toni - TONI-HP # Gestartet von : C:\Users\Toni\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Trymedia Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader Ordner Gelöscht : C:\Windows\Uninstaller Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\Toni\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Toni\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\Toni\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Toni\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Toni\AppData\Roaming\yourfiledownloader Ordner Gelöscht : C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gelöscht : C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Datei Gelöscht : C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk Datei Gelöscht : C:\Users\Same\Desktop\MyPC Backup.lnk Datei Gelöscht : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage Datei Gelöscht : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_klebezettel-ng_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_klebezettel-ng_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\dt soft\daemon tools toolbar Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\YourFileDownloader Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Trymedia Systems Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\YourFileDownloader Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\54ueq59q.default-1392319113432\prefs.js ] [ Datei : C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); -\\ Google Chrome v [ Datei : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ Datei : C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [6746 octets] - [20/04/2014 20:39:23] AdwCleaner[S0].txt - [5966 octets] - [20/04/2014 20:40:38] Geändert von trojanertoni (20.04.2014 um 23:11 Uhr) Grund: Doppelt |
20.04.2014, 23:09 | #7 |
| Festplattenzugriff sehr langsam - Malware? Zweiter Teil! JRT: Code:
ATTFilter # AdwCleaner v3.100 - Bericht erstellt am 20/04/2014 um 20:40:38 # Aktualisiert 20/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Toni - TONI-HP # Gestartet von : C:\Users\Toni\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Trymedia Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader Ordner Gelöscht : C:\Windows\Uninstaller Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\Toni\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Toni\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\Toni\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Toni\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Toni\AppData\Roaming\yourfiledownloader Ordner Gelöscht : C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gelöscht : C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Datei Gelöscht : C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk Datei Gelöscht : C:\Users\Same\Desktop\MyPC Backup.lnk Datei Gelöscht : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage Datei Gelöscht : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_klebezettel-ng_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_klebezettel-ng_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\dt soft\daemon tools toolbar Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\YourFileDownloader Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Trymedia Systems Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\YourFileDownloader Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\54ueq59q.default-1392319113432\prefs.js ] [ Datei : C:\Users\Same\AppData\Roaming\Mozilla\Firefox\Profiles\1vrvnr5l.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); -\\ Google Chrome v [ Datei : C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ Datei : C:\Users\Same\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [6746 octets] - [20/04/2014 20:39:23] AdwCleaner[S0].txt - [5966 octets] - [20/04/2014 20:40:38] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6026 octets] ########## FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02 Ran by Toni (administrator) on TONI-HP on 21-04-2014 00:00:07 Running from C:\Users\Toni\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (AMD) C:\Windows\system32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (O&O Software GmbH) C:\Program Files\OO Software\DriveLED\oodlag.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\system32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Mekentosj BV) C:\Program Files (x86)\Mekentosj\Papers\Citations.exe (Dropbox, Inc.) C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin () C:\Program Files (x86)\Besta\PSH2.0\PSH2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (RealNetworks, Inc.) c:\program files (x86)\real\realplayer\RealPlay.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-09-07] (Alcor Micro Corp.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-27] (Intel Corporation) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ServiceHome] => C:\Program Files (x86)\Besta\PSH2.0\PSH2.exe [3067904 2010-08-20] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-11-13] (RealNetworks, Inc.) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-25] (Easybits) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Klebezettel NG] => [X] HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [F.lux] => C:\Users\Toni\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Citations] => C:\Program Files (x86)\Mekentosj\Papers\Citations.exe [664064 2013-03-12] (Mekentosj BV) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Policies\system: [DisableChangePassword] 0 Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {99E87C1F-BC2F-42C6-9B24-5B9FA12E628F} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - E69BCC8206984B329D06D7635D8406BF URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=e8c86a190000000000000026c7a85423 SearchScopes: HKCU - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {750CF89F-CA32-4255-9B2D-786E9F5C1E49} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{30B2CFE4-82E7-44F2-ABFF-E00AF5D91C19}: [NameServer]0.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\54ueq59q.default-1392319113432 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @sun.com/npsopluginmi;version=1.0 - C:\Program Files (x86)\OpenOffice.org 3\program () FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Bitdefender QuickScan - C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\54ueq59q.default-1392319113432\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-04-15] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-14] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt FF Extension: SimplePass Online Accounts Extension - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2010-10-08] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-06] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] Chrome: ======= CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP CHR Plugin: (Shockwave Flash) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) CHR Plugin: (Google Update) - C:\Users\Toni\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (RealDownloader) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-17] CHR Extension: (NCapture) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2013-04-13] CHR Extension: (Skype Click to Call) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-15] CHR Extension: (Google Wallet) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-17] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-06-22] CHR Extension: (Bitdefender QuickScan) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [697712 2010-06-08] (Egis Technology Inc. ) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) R2 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [610048 2009-09-28] (O&O Software GmbH) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd) R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) R0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [30216 2009-09-28] (O&O Software GmbH) R2 ProtectorA; C:\Windows\system32\drivers\ProtectorA.sys [22672 2012-01-11] (www.ISRA.org.cn) S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.) S3 ALSysIO; \??\C:\Users\Toni\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 iscFlash; \??\C:\Users\Toni\AppData\Local\Temp\iscflashx64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Toni\Downloads\FRST-OlderVersion 2014-04-20 21:26 - 2014-04-20 21:26 - 00001062 _____ () C:\Users\Toni\Desktop\JRT.txt 2014-04-20 21:21 - 2014-04-20 21:21 - 00005037 _____ () C:\Users\Toni\Desktop\mbam.txt 2014-04-20 21:04 - 2014-04-20 21:04 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 20:59 - 2014-04-20 20:59 - 00006118 _____ () C:\Users\Toni\Desktop\AdwCleaner[S0].txt 2014-04-20 20:39 - 2014-04-20 20:41 - 00000000 ____D () C:\AdwCleaner 2014-04-20 20:37 - 2014-04-20 20:38 - 01308369 _____ () C:\Users\Toni\Downloads\adwcleaner.exe 2014-04-20 20:36 - 2014-04-20 20:36 - 00003606 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Toni 2014-04-20 20:35 - 2014-04-20 20:46 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Toni.job 2014-04-20 20:35 - 2014-04-20 20:43 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Toni.job 2014-04-20 20:35 - 2014-04-20 20:43 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Toni.job 2014-04-20 20:35 - 2014-04-20 20:36 - 00002956 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Toni 2014-04-20 20:35 - 2014-04-20 20:36 - 00002952 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Toni 2014-04-20 20:35 - 2014-04-20 20:36 - 00002660 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Toni 2014-04-20 15:18 - 2014-04-20 15:32 - 00771752 _____ () C:\Windows\Minidump\042014-168449-01.dmp 2014-04-16 22:00 - 2014-04-16 22:00 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files\iTunes 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files\iPod 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-16 21:48 - 2014-04-16 21:48 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-04-16 21:47 - 2014-04-16 21:48 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-16 14:39 - 2014-04-20 21:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 14:19 - 2014-04-16 14:20 - 01016261 _____ (Thisisu) C:\Users\Toni\Downloads\JRT.exe 2014-04-16 14:19 - 2014-04-16 14:19 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 14:18 - 2014-04-16 14:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 14:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-16 14:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-16 14:17 - 2014-04-16 14:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Toni\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 14:16 - 2014-04-21 00:00 - 00000000 ____D () C:\FRST 2014-04-15 14:16 - 2014-04-21 00:00 - 00000000 _____ () C:\Users\Toni\Downloads\FRST.txt 2014-04-15 14:16 - 2014-04-15 14:17 - 00051589 _____ () C:\Users\Toni\Downloads\Addition.txt 2014-04-15 14:15 - 2014-04-21 00:00 - 02056704 _____ (Farbar) C:\Users\Toni\Downloads\FRST64.exe 2014-04-14 22:30 - 2014-04-14 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-07 21:57 - 2014-04-07 21:57 - 00000364 _____ () C:\Users\Toni\Downloads\swisscom_internet_access.txt 2014-03-27 18:53 - 2014-03-28 10:50 - 00001006 _____ () C:\Users\Toni\Downloads\Lab 4.do 2014-03-24 08:11 - 2014-03-24 08:11 - 00000227 _____ () C:\Users\Toni\Downloads\Lab 3.do 2014-03-24 07:40 - 2014-03-24 07:40 - 00002922 _____ () C:\Users\Toni\Downloads\Lab3_States.dta ==================== One Month Modified Files and Folders ======= 2014-04-21 00:00 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Toni\Downloads\FRST-OlderVersion 2014-04-21 00:00 - 2014-04-15 14:16 - 00000000 ____D () C:\FRST 2014-04-21 00:00 - 2014-04-15 14:16 - 00000000 _____ () C:\Users\Toni\Downloads\FRST.txt 2014-04-21 00:00 - 2014-04-15 14:15 - 02056704 _____ (Farbar) C:\Users\Toni\Downloads\FRST64.exe 2014-04-20 23:58 - 2013-09-01 17:48 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006UA.job 2014-04-20 23:44 - 2012-11-23 17:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-20 23:44 - 2012-01-26 22:40 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Dropbox 2014-04-20 23:44 - 2011-03-01 19:30 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Skype 2014-04-20 23:38 - 2012-01-26 22:41 - 00000000 ___RD () C:\Users\Toni\Dropbox 2014-04-20 22:16 - 2009-07-14 04:34 - 00423303 _____ () C:\Windows\win.ini 2014-04-20 21:43 - 2014-04-16 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 21:38 - 2010-10-08 19:31 - 01656505 _____ () C:\Windows\WindowsUpdate.log 2014-04-20 21:26 - 2014-04-20 21:26 - 00001062 _____ () C:\Users\Toni\Desktop\JRT.txt 2014-04-20 21:21 - 2014-04-20 21:21 - 00005037 _____ () C:\Users\Toni\Desktop\mbam.txt 2014-04-20 21:08 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-20 21:08 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-20 21:04 - 2014-04-20 21:04 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 20:59 - 2014-04-20 20:59 - 00006118 _____ () C:\Users\Toni\Desktop\AdwCleaner[S0].txt 2014-04-20 20:52 - 2010-07-23 20:10 - 23530122 _____ () C:\Windows\system32\perfh007.dat 2014-04-20 20:52 - 2010-07-23 20:10 - 07650412 _____ () C:\Windows\system32\perfc007.dat 2014-04-20 20:52 - 2009-07-14 07:13 - 00006488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-20 20:46 - 2014-04-20 20:35 - 00000372 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Toni.job 2014-04-20 20:43 - 2014-04-20 20:35 - 00000366 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Toni.job 2014-04-20 20:43 - 2014-04-20 20:35 - 00000362 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Toni.job 2014-04-20 20:43 - 2014-01-13 18:13 - 00003211 _____ () C:\Windows\setupact.log 2014-04-20 20:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-20 20:42 - 2010-10-08 19:40 - 00721486 _____ () C:\Windows\PFRO.log 2014-04-20 20:41 - 2014-04-20 20:39 - 00000000 ____D () C:\AdwCleaner 2014-04-20 20:40 - 2013-08-24 18:25 - 00000000 ___RD () C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-20 20:38 - 2014-04-20 20:37 - 01308369 _____ () C:\Users\Toni\Downloads\adwcleaner.exe 2014-04-20 20:36 - 2014-04-20 20:36 - 00003606 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Toni 2014-04-20 20:36 - 2014-04-20 20:35 - 00002956 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Toni 2014-04-20 20:36 - 2014-04-20 20:35 - 00002952 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Toni 2014-04-20 20:36 - 2014-04-20 20:35 - 00002660 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Toni 2014-04-20 15:32 - 2014-04-20 15:18 - 00771752 _____ () C:\Windows\Minidump\042014-168449-01.dmp 2014-04-20 15:32 - 2011-03-02 15:19 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{33F05840-799A-45B7-A3DC-FC5A62EDCA7E} 2014-04-20 15:18 - 2011-07-12 20:17 - 00000000 ____D () C:\Windows\Minidump 2014-04-16 23:23 - 2011-12-22 06:51 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-16 22:00 - 2014-04-16 22:00 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files\iTunes 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files\iPod 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-16 21:55 - 2011-03-04 08:10 - 00000000 ____D () C:\ProgramData\Apple 2014-04-16 21:48 - 2014-04-16 21:48 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-04-16 21:48 - 2014-04-16 21:47 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-16 16:33 - 2010-10-08 19:38 - 00000000 ____D () C:\Windows\HPQ 2014-04-16 15:40 - 2013-10-21 15:04 - 00000000 ____D () C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall 2014-04-16 14:21 - 2012-02-06 00:40 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Malwarebytes 2014-04-16 14:21 - 2012-02-06 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 14:20 - 2014-04-16 14:19 - 01016261 _____ (Thisisu) C:\Users\Toni\Downloads\JRT.exe 2014-04-16 14:19 - 2014-04-16 14:19 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 14:18 - 2014-04-16 14:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 14:17 - 2014-04-16 14:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Toni\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-16 12:59 - 2013-09-01 17:48 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006Core.job 2014-04-15 14:46 - 2011-07-16 11:00 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\QuickScan 2014-04-15 14:17 - 2014-04-15 14:16 - 00051589 _____ () C:\Users\Toni\Downloads\Addition.txt 2014-04-14 22:30 - 2014-04-14 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-14 09:00 - 2014-01-23 23:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-14 09:00 - 2014-01-23 23:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-14 09:00 - 2013-08-24 18:25 - 00000000 ____D () C:\Users\Same 2014-04-14 09:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-13 23:15 - 2011-03-01 18:37 - 00000000 ____D () C:\Users\Toni 2014-04-07 21:57 - 2014-04-07 21:57 - 00000364 _____ () C:\Users\Toni\Downloads\swisscom_internet_access.txt 2014-04-03 09:51 - 2014-04-16 14:18 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-16 14:18 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2012-02-06 00:40 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-28 10:50 - 2014-03-27 18:53 - 00001006 _____ () C:\Users\Toni\Downloads\Lab 4.do 2014-03-28 10:02 - 2011-03-01 19:21 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\vlc 2014-03-27 03:01 - 2011-06-02 22:08 - 00000000 ____D () C:\Users\Toni\Documents\My Library 2014-03-24 08:11 - 2014-03-24 08:11 - 00000227 _____ () C:\Users\Toni\Downloads\Lab 3.do 2014-03-24 07:40 - 2014-03-24 07:40 - 00002922 _____ () C:\Users\Toni\Downloads\Lab3_States.dta 2014-03-23 00:42 - 2013-07-21 03:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-23 00:40 - 2011-04-08 22:22 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-22 11:36 - 2013-02-27 23:15 - 00000000 ____D () C:\Windows\rescache 2014-03-22 11:35 - 2011-03-06 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Games Some content of TEMP: ==================== C:\Users\Toni\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Toni\AppData\Local\Temp\htmlayout.dll C:\Users\Toni\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Toni\AppData\Local\Temp\Quarantine.exe C:\Users\Toni\AppData\Local\Temp\uninstall10646319.exe C:\Users\Toni\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Toni\AppData\Local\Temp\vlc-2.1.3-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-20 22:09 ==================== End Of Log ============================ Nochmal vielen Dank, und frohe Ostern! trojanertoni |
21.04.2014, 20:32 | #8 |
/// the machine /// TB-Ausbilder | Festplattenzugriff sehr langsam - Malware?ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.04.2014, 16:12 | #9 |
| Festplattenzugriff sehr langsam - Malware? Danke! Sorry für die lange Zeit, zwischendurch wollte er nicht mehr hochfahren. Keine Ahnung, was los ist/war. ESET logfile: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=6de02d1dbf7062439887b9e8d7f3d34b # engine=18063 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-28 09:04:34 # local_time=2014-04-28 11:04:34 (+0100, Mitteleuropäische Sommerzeit ) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 8390198 150348924 0 0 # scanned=350544 # found=7 # cleaned=0 # scan_time=8279 sh=9B1B80BFC3D37A62A107DDD9B61C377DD26D0146 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2011-3544.AV Trojaner" ac=I fn="C:\Users\Toni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\14710b4b-56a104be" sh=D9C29C989246597790625A885CB9EBCA6F0A36F4 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.E Trojaner" ac=I fn="C:\Users\Toni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\1ffd071a-356b035c" sh=076235DD75DB0D5DC4739C79B034D682E5308370 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-4681.CU Trojaner" ac=I fn="C:\Users\Toni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4492f52c-31b47025" sh=076235DD75DB0D5DC4739C79B034D682E5308370 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-4681.CU Trojaner" ac=I fn="C:\Users\Toni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4492f52c-73ee28c2" sh=2A4FDFF4BA2CB74DFCB7C087E2FF7DEA131A60D0 ft=0 fh=0000000000000000 vn="Variante von Win32/Kryptik.AADO Trojaner" ac=I fn="C:\Users\Toni\Documents\OTL\_OTL.zip" sh=F7CCA2F3B77A6F02A0647D76E8FFCB015E8087CC ft=0 fh=0000000000000000 vn="Variante von Win32/Kryptik.AADO Trojaner" ac=I fn="C:\_OTL\MovedFiles.zip" sh=2678838E2E5FA32965F9E828A0D8FF365D874CAA ft=0 fh=0000000000000000 vn="Variante von Generik.LERQPFC Trojaner" ac=I fn="G:\Tests\Windows\800test.coms_5_Verbal_tests.zip" Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 24 Java(TM) 6 Update 22 Java 7 Update 51 Java version out of Date! Adobe Flash Player 13.0.0.206 Mozilla Firefox (28.0) Mozilla Thunderbird (3.1.10) Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014 Ran by Toni (administrator) on TONI-HP on 29-04-2014 17:10:56 Running from C:\Users\Toni\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (AMD) C:\Windows\system32\atieclxx.exe (Egis Technology Inc. ) C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (O&O Software GmbH) C:\Program Files\OO Software\DriveLED\oodlag.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Mekentosj BV) C:\Program Files (x86)\Mekentosj\Papers\Citations.exe (Dropbox, Inc.) C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe () C:\Program Files (x86)\Besta\PSH2.0\PSH2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (RealNetworks, Inc.) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe () C:\Users\Toni\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (RealNetworks, Inc.) c:\program files (x86)\real\realplayer\update\realsched.exe (Microsoft Corporation) C:\Windows\system32\prevhost.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated) HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-09-07] (Alcor Micro Corp.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-27] (Intel Corporation) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.) HKLM-x32\...\Run: [ServiceHome] => C:\Program Files (x86)\Besta\PSH2.0\PSH2.exe [3067904 2010-08-20] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-25] (Easybits) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\update\realsched.exe [296520 2014-04-29] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Klebezettel NG] => [X] HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Citations] => C:\Program Files (x86)\Mekentosj\Papers\Citations.exe [664064 2013-03-12] (Mekentosj BV) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1437298276-3645973725-722044047-1001\...\Policies\system: [DisableChangePassword] 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe () Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {99E87C1F-BC2F-42C6-9B24-5B9FA12E628F} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - E69BCC8206984B329D06D7635D8406BF URL = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=e8c86a190000000000000026c7a85423 SearchScopes: HKCU - {3A39D5F3-635C-44AB-A170-7EB25B6239D7} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKCU - {750CF89F-CA32-4255-9B2D-786E9F5C1E49} URL = BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\x64\EgisPBIE.dll (Egis Technology Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: EgisPBIE Class - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll (Egis Technology Inc.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.48.1 Tcpip\..\Interfaces\{30B2CFE4-82E7-44F2-ABFF-E00AF5D91C19}: [NameServer]0.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\yujefysg.default-1398032586799 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @sun.com/npsopluginmi;version=1.0 - C:\Program Files (x86)\OpenOffice.org 3\program () FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-04-14] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt FF Extension: SimplePass Online Accounts Extension - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\FFExt [2010-10-08] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-06] FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-01] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-29] FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] Chrome: ======= CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP CHR Plugin: (Shockwave Flash) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Toni\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll No File CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) CHR Plugin: (Google Update) - C:\Users\Toni\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (RealDownloader) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-17] CHR Extension: (NCapture) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2013-04-13] CHR Extension: (Skype Click to Call) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-07-15] CHR Extension: (Google Wallet) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-17] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-06-22] CHR Extension: (Bitdefender QuickScan) - C:\Users\Toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT) R2 EgisTec Service; C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [697712 2010-06-08] (Egis Technology Inc. ) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 O&O DriveLED; C:\Program Files\OO Software\DriveLED\oodlag.exe [610048 2009-09-28] (O&O Software GmbH) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-04-29] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd) R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-28] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R0 OODrvled; C:\Windows\System32\DRIVERS\OODrvled.sys [30216 2009-09-28] (O&O Software GmbH) R2 ProtectorA; C:\Windows\system32\drivers\ProtectorA.sys [22672 2012-01-11] (www.ISRA.org.cn) S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.) S3 ALSysIO; \??\C:\Users\Toni\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 iscFlash; \??\C:\Users\Toni\AppData\Local\Temp\iscflashx64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-29 16:46 - 2014-04-29 17:10 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1437298276-3645973725-722044047-1001 2014-04-29 16:46 - 2014-04-29 17:10 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1437298276-3645973725-722044047-1001 2014-04-29 16:46 - 2014-04-29 16:46 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\RealNetworks 2014-04-29 16:11 - 2014-04-29 16:11 - 00001132 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk 2014-04-29 16:07 - 2014-04-29 16:07 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll 2014-04-29 16:07 - 2014-04-29 16:07 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-04-29 16:07 - 2014-04-29 16:07 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-04-29 16:06 - 2014-04-29 16:06 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2014-04-29 16:06 - 2014-04-29 16:06 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2014-04-29 16:06 - 2014-04-29 16:06 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-04-28 20:44 - 2014-04-28 20:44 - 02347384 _____ (ESET) C:\Users\Toni\Downloads\esetsmartinstaller_deu.exe 2014-04-28 20:44 - 2014-04-28 20:44 - 00855379 _____ () C:\Users\Toni\Downloads\SecurityCheck.exe 2014-04-28 20:44 - 2014-04-28 20:44 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-28 20:03 - 2014-04-29 15:06 - 00000112 _____ () C:\Windows\setupact.log 2014-04-28 20:03 - 2014-04-28 20:03 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-21 00:00 - 2014-04-29 17:10 - 00000000 ____D () C:\Users\Toni\Downloads\FRST-OlderVersion 2014-04-20 21:26 - 2014-04-20 21:26 - 00001062 _____ () C:\Users\Toni\Desktop\JRT.txt 2014-04-20 21:21 - 2014-04-20 21:21 - 00005037 _____ () C:\Users\Toni\Desktop\mbam.txt 2014-04-20 21:04 - 2014-04-20 21:04 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 20:59 - 2014-04-20 20:59 - 00006118 _____ () C:\Users\Toni\Desktop\AdwCleaner[S0].txt 2014-04-20 20:39 - 2014-04-20 20:41 - 00000000 ____D () C:\AdwCleaner 2014-04-20 20:37 - 2014-04-20 20:38 - 01308369 _____ () C:\Users\Toni\Downloads\adwcleaner.exe 2014-04-16 22:00 - 2014-04-16 22:00 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-04-16 22:00 - 2014-04-16 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files\iTunes 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files\iPod 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-16 21:48 - 2014-04-16 21:48 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-04-16 21:48 - 2014-04-16 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-04-16 21:47 - 2014-04-16 21:48 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-16 14:39 - 2014-04-28 21:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 14:19 - 2014-04-16 14:20 - 01016261 _____ (Thisisu) C:\Users\Toni\Downloads\JRT.exe 2014-04-16 14:19 - 2014-04-16 14:19 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 14:19 - 2014-04-16 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-16 14:18 - 2014-04-16 14:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 14:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-16 14:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-16 14:17 - 2014-04-16 14:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Toni\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 14:16 - 2014-04-29 17:10 - 00000777 _____ () C:\Users\Toni\Downloads\FRST.txt 2014-04-15 14:16 - 2014-04-29 17:10 - 00000000 ____D () C:\FRST 2014-04-15 14:16 - 2014-04-15 14:17 - 00051589 _____ () C:\Users\Toni\Downloads\Addition.txt 2014-04-15 14:15 - 2014-04-29 17:10 - 02061824 _____ (Farbar) C:\Users\Toni\Downloads\FRST64.exe 2014-04-14 22:30 - 2014-04-14 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-14 21:53 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-14 21:53 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-14 21:53 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-14 21:53 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-14 21:53 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-14 21:53 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-14 21:53 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-14 21:53 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-14 21:53 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-14 21:53 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-14 21:53 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-14 21:53 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-14 21:53 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-14 21:53 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-14 21:53 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-14 21:53 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-14 21:53 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-14 21:53 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-14 21:53 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-14 21:53 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-14 21:53 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-07 21:57 - 2014-04-07 21:57 - 00000364 _____ () C:\Users\Toni\Downloads\swisscom_internet_access.txt ==================== One Month Modified Files and Folders ======= 2014-04-30 01:04 - 2013-08-24 18:25 - 00000000 ____D () C:\Users\Same 2014-04-30 01:04 - 2011-09-17 17:33 - 00000000 ____D () C:\Users\Toni\Documents\PC Service Home Setting 2014-04-30 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-04-29 17:10 - 2014-04-29 16:46 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1437298276-3645973725-722044047-1001 2014-04-29 17:10 - 2014-04-29 16:46 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1437298276-3645973725-722044047-1001 2014-04-29 17:10 - 2014-04-21 00:00 - 00000000 ____D () C:\Users\Toni\Downloads\FRST-OlderVersion 2014-04-29 17:10 - 2014-04-15 14:16 - 00000777 _____ () C:\Users\Toni\Downloads\FRST.txt 2014-04-29 17:10 - 2014-04-15 14:16 - 00000000 ____D () C:\FRST 2014-04-29 17:10 - 2014-04-15 14:15 - 02061824 _____ (Farbar) C:\Users\Toni\Downloads\FRST64.exe 2014-04-29 16:58 - 2013-09-01 17:48 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006UA.job 2014-04-29 16:46 - 2014-04-29 16:46 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\RealNetworks 2014-04-29 16:45 - 2012-11-23 17:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-29 16:45 - 2011-05-30 10:31 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Real 2014-04-29 16:11 - 2014-04-29 16:11 - 00001132 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk 2014-04-29 16:11 - 2011-05-30 10:31 - 00000000 ____D () C:\Program Files (x86)\Real 2014-04-29 16:07 - 2014-04-29 16:07 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll 2014-04-29 16:07 - 2014-04-29 16:07 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-04-29 16:07 - 2014-04-29 16:07 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-04-29 16:07 - 2013-11-13 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2014-04-29 16:07 - 2011-05-30 10:31 - 00000000 ____D () C:\ProgramData\Real 2014-04-29 16:06 - 2014-04-29 16:06 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2014-04-29 16:06 - 2014-04-29 16:06 - 00353864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2014-04-29 16:06 - 2014-04-29 16:06 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-04-29 16:06 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-29 15:30 - 2011-03-01 19:30 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Skype 2014-04-29 15:22 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-29 15:22 - 2009-07-14 06:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-29 15:19 - 2010-10-08 19:31 - 01921648 _____ () C:\Windows\WindowsUpdate.log 2014-04-29 15:17 - 2012-01-26 22:40 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Dropbox 2014-04-29 15:15 - 2012-01-26 22:41 - 00000000 ___RD () C:\Users\Toni\Dropbox 2014-04-29 15:15 - 2009-07-14 04:34 - 00423383 _____ () C:\Windows\win.ini 2014-04-29 15:14 - 2010-07-23 20:10 - 23563894 _____ () C:\Windows\system32\perfh007.dat 2014-04-29 15:14 - 2010-07-23 20:10 - 07661592 _____ () C:\Windows\system32\perfc007.dat 2014-04-29 15:14 - 2009-07-14 07:13 - 00006488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-29 15:08 - 2011-03-01 18:37 - 00000000 ____D () C:\Users\Toni 2014-04-29 15:06 - 2014-04-28 20:03 - 00000112 _____ () C:\Windows\setupact.log 2014-04-29 15:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-28 23:40 - 2013-02-27 23:15 - 00000000 ____D () C:\Windows\rescache 2014-04-28 21:55 - 2014-04-16 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-28 21:44 - 2012-11-23 17:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-28 21:44 - 2012-07-28 07:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-28 21:44 - 2012-07-28 07:51 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-28 21:09 - 2011-03-02 15:19 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{33F05840-799A-45B7-A3DC-FC5A62EDCA7E} 2014-04-28 20:44 - 2014-04-28 20:44 - 02347384 _____ (ESET) C:\Users\Toni\Downloads\esetsmartinstaller_deu.exe 2014-04-28 20:44 - 2014-04-28 20:44 - 00855379 _____ () C:\Users\Toni\Downloads\SecurityCheck.exe 2014-04-28 20:44 - 2014-04-28 20:44 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-28 20:03 - 2014-04-28 20:03 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-28 20:03 - 2010-10-08 19:40 - 00722558 _____ () C:\Windows\PFRO.log 2014-04-21 00:43 - 2011-03-03 23:32 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-21 00:42 - 2014-01-23 23:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-04-21 00:42 - 2011-12-30 19:27 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-21 00:41 - 2014-01-23 23:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-21 00:41 - 2014-01-23 23:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-21 00:39 - 2013-07-21 03:05 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-21 00:38 - 2011-04-08 22:22 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-21 00:32 - 2011-03-01 19:28 - 00000000 ____D () C:\Users\Toni\AppData\Local\Adobe 2014-04-21 00:32 - 2010-07-23 12:12 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-21 00:31 - 2010-07-23 12:12 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-21 00:23 - 2014-02-13 21:18 - 00000000 ____D () C:\Users\Toni\Desktop\Alte Firefox-Daten 2014-04-21 00:19 - 2013-10-21 15:06 - 00000000 ____D () C:\Users\Toni\AppData\Local\FluxSoftware 2014-04-21 00:06 - 2011-07-12 20:17 - 00000000 ____D () C:\Windows\Minidump 2014-04-20 21:26 - 2014-04-20 21:26 - 00001062 _____ () C:\Users\Toni\Desktop\JRT.txt 2014-04-20 21:21 - 2014-04-20 21:21 - 00005037 _____ () C:\Users\Toni\Desktop\mbam.txt 2014-04-20 21:04 - 2014-04-20 21:04 - 00000000 ____D () C:\Windows\ERUNT 2014-04-20 20:59 - 2014-04-20 20:59 - 00006118 _____ () C:\Users\Toni\Desktop\AdwCleaner[S0].txt 2014-04-20 20:41 - 2014-04-20 20:39 - 00000000 ____D () C:\AdwCleaner 2014-04-20 20:40 - 2013-08-24 18:25 - 00000000 ___RD () C:\Users\Same\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-20 20:38 - 2014-04-20 20:37 - 01308369 _____ () C:\Users\Toni\Downloads\adwcleaner.exe 2014-04-16 23:23 - 2011-12-22 06:51 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-16 22:00 - 2014-04-16 22:00 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-04-16 22:00 - 2014-04-16 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files\iTunes 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files\iPod 2014-04-16 21:59 - 2014-04-16 21:59 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-16 21:55 - 2011-03-04 08:10 - 00000000 ____D () C:\ProgramData\Apple 2014-04-16 21:48 - 2014-04-16 21:48 - 00001805 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-04-16 21:48 - 2014-04-16 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-04-16 21:48 - 2014-04-16 21:47 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-16 16:33 - 2010-10-08 19:38 - 00000000 ____D () C:\Windows\HPQ 2014-04-16 15:40 - 2013-10-21 15:04 - 00000000 ____D () C:\Users\Same\AppData\Local\Feven 1.5-BrowserExtensionUninstall 2014-04-16 14:21 - 2012-02-06 00:40 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\Malwarebytes 2014-04-16 14:21 - 2012-02-06 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-16 14:20 - 2014-04-16 14:19 - 01016261 _____ (Thisisu) C:\Users\Toni\Downloads\JRT.exe 2014-04-16 14:19 - 2014-04-16 14:19 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-16 14:19 - 2014-04-16 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-16 14:18 - 2014-04-16 14:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-16 14:17 - 2014-04-16 14:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Toni\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-16 12:59 - 2013-09-01 17:48 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1437298276-3645973725-722044047-1006Core.job 2014-04-15 14:46 - 2011-07-16 11:00 - 00000000 ____D () C:\Users\Toni\AppData\Roaming\QuickScan 2014-04-15 14:17 - 2014-04-15 14:16 - 00051589 _____ () C:\Users\Toni\Downloads\Addition.txt 2014-04-14 22:30 - 2014-04-14 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-07 21:57 - 2014-04-07 21:57 - 00000364 _____ () C:\Users\Toni\Downloads\swisscom_internet_access.txt 2014-04-03 09:51 - 2014-04-16 14:18 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-16 14:18 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2012-02-06 00:40 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 03:16 - 2014-04-14 21:53 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-31 03:13 - 2014-04-14 21:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-31 02:13 - 2014-04-14 21:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-31 01:57 - 2014-04-14 21:53 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll Some content of TEMP: ==================== C:\Users\Toni\AppData\Local\Temp\Quarantine.exe C:\Users\Toni\AppData\Local\Temp\stubhelper.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 16:53 ==================== End Of Log ============================ DIe Probleme sind immer noch da, und scheinen auch nicht besser zu werden, obwohl jeder Scan was findet. Hast du noch weitere Ideen? Sonst würde ich ihn jetzt neu aufsetzen! Danke nochmal! |
30.04.2014, 23:20 | #10 |
/// the machine /// TB-Ausbilder | Festplattenzugriff sehr langsam - Malware? Definier die Probleme nochmal genau. Malware ist da keine mehr ausser bissl was in den Temps.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
01.05.2014, 22:04 | #11 |
| Festplattenzugriff sehr langsam - Malware? Dankeschön! Also ne genauere Definition der Probleme: 1. Wenn ich versuche, etwas auf die Festplatte zu schreiben, hängt er erst mal 10 Minuten, macht es dann aber (zuverlässig). 2. Wenn ich versuche, nen Ordner zu öffnen, friert er meistens (nicht immer) ein (egal, ob C.; D:, bei externen aber weniger). 3. Beim Starten dauert es ewig, bis der Desktop benutzbar ist. Meistens sind erst mal gar keine Symbole da, dann kommen die Symbole und der Desktop friert ein (als er wird sehr hell, so ein bisschen "fadet"), irgendwann geht es dann. Wenn ich ein neues Programm, wie z.B. Firefox öffne, dauert es auch meistens, und friert erst mal ein. 4. Der Task-Manager geht zwar öffnen, aber die ganzen Reiter oben sind nicht da, sodass ich nur die Prozesse sehen kann, und nicht zwischen aktiven Programmen/Prozessen etc. wechseln kann. 5. Aus dem Stand-By lässt er sich gar nicht mehr wiederbeleben, aus dem Ruhezustand etwa 75%. Ich habe das Gefühl, dass es nach einem erneuten Neustart jetzt etwas schneller geworden ist, z.B. lässt er mich grad normal im File-Menü navigieren, aber das geht auch manchmal wieder weg, und der Task-Manager ist halt echt komisch. Speichern lässt er mich auch immer noch nur nach einigen Minuten warten, wo echt gar nichts mehr geht. Soll ich mal Temp löschen? Nochmal vielen Dank, Toni |
02.05.2014, 16:49 | #12 |
/// the machine /// TB-Ausbilder | Festplattenzugriff sehr langsam - Malware?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
05.05.2014, 14:53 | #13 |
| Festplattenzugriff sehr langsam - Malware? Temp ist gelöscht. Clean Boot habe ich versucht, aber es hat nicht funktioniert. Autostartprogramme waren genau so viele, Prozesse auch, und es hat genau so lang gedauert, bis er wieder ansprechbar war. Er hat sich dann auch voll heiß gelaufen, sodass der Lüfter sehr laut wa, das habe ich sonst nur unter Volllast. Ich werde den Clean Boot heute abend nochmal ausprobieren, es dauert aber auch immer 10 Minuten, bis ich Zugriff zur msconfig bekomme. Weißt du, woran das liegen kann? Danke nochmal! |
06.05.2014, 10:06 | #14 |
/// the machine /// TB-Ausbilder | Festplattenzugriff sehr langsam - Malware? 10 minuten? Das is arg stramm. Windows DVD da?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.05.2014, 17:40 | #15 |
| Festplattenzugriff sehr langsam - Malware? Ja, ich habe grad eine auf nem anderen PC runtergeladen und gebrannt. Soll ich neu aufsetzen oder nur reparieren? |